June 15, 2020

Law enforcement agencies scored a major win on 4th December 2019 when Europol announced it had identified 3,833 money mules and 386 money mule recruiters, leading to 228 arrests. More than 12.9m Euros in fraud losses across 7,520 transactions were prevented with collaboration across 650 banks.

It’s all part of an international effort to hunt down operatives and key enablers for cybercrime around the world.

And it’s not just the law enforcement agencies who are making mules a priority. Financial institutions are increasingly collaborating with one another and using technology to set up proactive initiatives that map out the complex networks of money mule accounts that facilitate global cybercrime.

School for Scandal

For those just tuning in, a “money mule” is someone whose bank account is used to receive illegally acquired funds in order to withdraw or transfer that money to other accounts. It is a key element in Digital Banking payment fraud; without money mules, this type of fraud would not exist.

While some are legitimate crooks themselves, a growing number of mules are actually unwitting victims. Stolen identity credentials can be used to set up bogus accounts under someone’s name. Other individuals can be tricked into this through job ads targeting the unemployed, without realizing they are signing up for something illegal. Others are cash-strapped students lured by the idea of making a quick buck.

The number of cases of 14-18 year old mules, for instance, rose 73% in the last two years.

Sometimes the proceeds they help launder are acquired through banking account takeover, online auction fraud or social engineering scams. Often the mule does not even get personally involved, instead handing over login credentials to bank accounts in their name so the cyberthieves can handle the transactions themselves. In this scenario these cyberthieves are called mule herders. Whatever the case, the mule is paid a small percentage of the proceeds for their trouble.

According to the United Nations Office on Drugs and Crime, fraudsters launder as much as US $2 trillion each year worldwide, or up to 5% of global GDP. As a result, the urgency to shut down mule activities grows by the day.

Hunting High & Low

Despite law enforcement’s best efforts to identify/catch mules and educate people on ways to avoid becoming a mule, this is a small drop in the ocean compared to the vast scale of this industry for fraudsters.

Financial institutions themselves can better spot mule networks. This often goes beyond standard cybersecurity and compliance requirements. It requires an appetite to approach the initiative from the viewpoint that the result will protect society as a whole from the perpetrators of financial crime, which is often used to fuel drug and human trafficking and even terrorism.

The problem: When assessing each transaction in isolation, traditional approaches often fail to expose the bigger picture, such as linkages between separate accounts and identities that can be part of a complex network created to hide nefarious mule herding activity among a sea of transactions.

And more basic rules can easily be circumvented by cybercriminals who know the ropes. One example: Banks rely on transaction values as the primary marker of fraud, often only reviewing or blocking transfers when they hit, say, £10,000. Fraudsters or mules may transfer funds in a series of small transactions that would go unnoticed.

Sure, transaction velocity and other factors can, and often do, add an additional threshold. However, banks need to tread carefully so as not to interfere with legitimate transactions and adversely affect the experience of trusted customers.
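The gap between a per-transfer value rule and a velocity-style rule can be shown on a few rows of data. The sketch below is an added example, not code from the original article or from any vendor it mentions; the £10,000 figure comes from the text, while the 24-hour window, account names and transfers are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

REVIEW_THRESHOLD = 10_000     # per-transfer review value quoted in the text (GBP)
WINDOW = timedelta(hours=24)  # assumption: rolling window length

# Constructed sample data: (timestamp, source account, amount in GBP)
TRANSFERS = [
    ("2020-06-01T09:00", "ACC-A", 2_500),
    ("2020-06-01T11:30", "ACC-A", 2_900),
    ("2020-06-01T12:00", "ACC-B", 400),
    ("2020-06-01T15:45", "ACC-A", 2_700),
    ("2020-06-01T20:10", "ACC-A", 2_400),
    ("2020-06-03T10:00", "ACC-B", 9_000),
    ("2020-06-05T10:00", "ACC-C", 12_000),
]

def per_transfer_rule(transfers, threshold=REVIEW_THRESHOLD):
    """Baseline: flag accounts only when one transfer reaches the threshold."""
    return {acct for _, acct, amt in transfers if amt >= threshold}

def rolling_sum_rule(transfers, window=WINDOW, threshold=REVIEW_THRESHOLD):
    """Flag accounts whose sub-threshold transfers sum to the threshold in the window.

    Returns {account: (window total, number of transfers)} at first breach.
    """
    recent = defaultdict(deque)  # account -> (time, amount) pairs still in window
    totals = defaultdict(int)
    flagged = {}
    for ts, acct, amt in sorted(transfers):
        if amt >= threshold:
            continue  # the per-transfer rule already covers this one
        now = datetime.fromisoformat(ts)
        queue = recent[acct]
        queue.append((now, amt))
        totals[acct] += amt
        while now - queue[0][0] > window:  # evict transfers older than the window
            totals[acct] -= queue.popleft()[1]
        if totals[acct] >= threshold and acct not in flagged:
            flagged[acct] = (totals[acct], len(queue))
    return flagged

if __name__ == "__main__":
    print("per-transfer rule:", per_transfer_rule(TRANSFERS))
    print("rolling-sum rule: ", rolling_sum_rule(TRANSFERS))
```

ACC-A never sends a single transfer near the threshold, so only the rolling sum surfaces it; ACC-B's two transfers fall in different windows and stay unflagged, which is the false-positive trade-off the paragraph above warns about.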

To effectively detect mule accounts and mule networks, banks need a technology refresh as well as expanded data insights to create linkages between separate transactions and accounts that indicate mule activity.

But fair warning: Going it alone is a long shot. Detecting and disrupting these kinds of activities requires aggregated data from a large enough dataset for organizations to connect the dots between users, devices, accounts and more.

Not Transactions, Identities

By assessing activity in the context of a user’s true digital identity, banks can spot anomalous behavior. For example, a financial institution should easily identify a fraudster logging into a mule’s account from a different device or from another city or continent than the individual, especially if that same device has logged onto three other accounts at different banks in far-flung cities within the last half hour.

The actual owner of a mule account, a 21-year-old college student who has never had more than €600 in her account, recently received an inflow of funds from a number of cities. No money is leaving the bank, but something’s off, and may be worth investigating. Is this type of activity flagged in your environment today?
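The device and location check described above can be written as a small scoring pass over login events pooled from several banks. This is an added illustration, not part of the original article and not a description of how any named product works; the half-hour window and the count of three other accounts come from the text, and every device, bank, account and city below is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # "within the last half hour" in the text
OTHER_ACCOUNTS = 3              # "three other accounts" in the text

# Constructed: the city each account holder normally logs in from
HOME_CITY = {"A-01": "Leeds", "A-05": "Leeds", "B-77": "Lyon",
             "C-12": "Porto", "D-90": "Gdansk"}

# Constructed pooled login events: (timestamp, device, bank, account, login city)
LOGINS = [
    ("2020-06-01T10:00", "dev-X", "BankB", "B-77", "Riga"),
    ("2020-06-01T10:08", "dev-X", "BankC", "C-12", "Riga"),
    ("2020-06-01T10:15", "dev-X", "BankD", "D-90", "Riga"),
    ("2020-06-01T10:22", "dev-X", "BankA", "A-01", "Riga"),
    ("2020-06-01T10:25", "dev-Y", "BankA", "A-05", "Leeds"),
    ("2020-06-01T12:00", "dev-X", "BankA", "A-01", "Riga"),
]

def score_logins(logins, home_city=HOME_CITY):
    """Return (timestamp, account, reasons) for each login with a risk signal."""
    seen = defaultdict(list)  # device -> [(time, account)] inside the window
    alerts = []
    for ts, device, _bank, account, city in sorted(logins):
        now = datetime.fromisoformat(ts)
        history = [e for e in seen[device] if now - e[0] <= WINDOW]
        others = {acct for _, acct in history if acct != account}
        reasons = []
        if city != home_city.get(account, city):
            reasons.append("unusual_city")
        if len(others) >= OTHER_ACCOUNTS:
            reasons.append("shared_device")
        seen[device] = history + [(now, account)]
        if reasons:
            alerts.append((ts, account, reasons))
    return alerts

def single_bank_view(logins, bank):
    """What one institution sees without shared data: only its own logins."""
    return [e for e in logins if e[2] == bank]
```

Scoring `single_bank_view(LOGINS, "BankA")` yields only the location signal for A-01, while the pooled events also raise `shared_device`, which is why the linkage depends on data aggregated across institutions.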

The LexisNexis® Digital Identity Network® sources shared intelligence gleaned from 130 million digital events each day across 40,000 sites and apps around the world. The Digital Identity Network®, powered by LexisNexis® ThreatMetrix, makes it possible to look across banks and organizations in multiple industries and geographies in order to visualize relationships between users, devices, accounts and more to identify cybercriminal networks, individual fraudsters, mule accounts and activities in real time. Better insight helps organizations make better-informed risk decisions.

Here is an example of one global financial institution we worked with recently in the UK that used the Digital Identity Network® alongside advanced rulesets and machine learning algorithms designed specifically to detect emerging mule accounts. The bank improved their ability to identify money mules by 50% in a matter of weeks and returned £750k to victims.


Although young people may not realize what they are doing by allowing access to their accounts, banks can stop a bad situation from getting much worse. Penalties for even unwitting mules can include up to 14 years in prison.

With that in mind, the second phase of Europol’s fight against money mules is an awareness campaign called #DontBeAMule. Running in 25 languages, the effort educates people about money muling, how to avoid recruitment and the consequences of complicity in these crimes.

Sounds like a worthy effort. But considering the immense losses stemming from online banking fraud perpetrated by money mules of all stripes, financial institutions are no doubt exploring other safeguards.

An approach based on advanced behavioral analytics and shared intelligence may be a very smart place to start.